Note:
This project will be discontinued after December 13, 2021. [more]
Product:
\.net_framework
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 177 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-14 | CVE-2020-1147 | A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | \.net_core, \.net_framework, Sharepoint_enterprise_server, Sharepoint_server, Visual_studio_2017, Visual_studio_2019 | 7.8 | ||
| 2015-05-13 | CVE-2015-1671 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | \.net_framework, Live_meeting, Lync, Silverlight | 7.8 | ||
| 2017-09-13 | CVE-2017-8759 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | \.net_framework | 7.8 | ||
| 2020-01-14 | CVE-2020-0646 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | \.net_framework | 9.8 | ||
| 2025-01-14 | CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | \.net, \.net_framework, Visual_studio_2017 | 8.8 | ||
| 2024-03-23 | CVE-2024-29059 | .NET Framework Information Disclosure Vulnerability | \.net_framework | 7.5 | ||
| 2012-02-14 | CVE-2012-0014 | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." | \.net_framework, Silverlight | N/A | ||
| 2024-04-09 | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | \.net, \.net_framework, Powershell, Visual_studio_2022 | N/A | ||
| 2013-07-10 | CVE-2013-3129 | Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote... | \.net_framework, Lync, Lync_basic, Office, Silverlight, Visual_studio_\.net, Windows_7, Windows_8, Windows_rt, Windows_server_2003, Windows_server_2008, Windows_server_2012, Windows_vista, Windows_xp | N/A | ||
| 2022-11-09 | CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | \.net_framework, Nuget | N/A |